The gzip file compression utility has a buffer overflow and will crash
if its input file name is larger than 1020 characters. It is reported
that the buffer overflow can be exploited if gzip is being executed on
a server (the example given is an FTP server).

This problem has been fixed in the latest gzip beta and a patch has
been made available. Affected users should update their version of gzip as soon
as possible.

NQS (Network Queuing System) is a job control and batch processing
system. It has a format string bug that can be exploited to execute
arbitrary commands as root by any local user that can submit a job
with qsub.

The line printer daemon lpd, distributed with OpenBSD, has a
vulnerability that under some conditions can be used to create files
in the root directory. The exploit can only be carried out by an attacker
that has root on a machine listed in the /etc/hosts.lpd or
/etc/hosts.equiv files. It should also be noted that the default
installation of OpenBSD does not start the line printer daemon.

Patches have been released to fix this vulnerability for OpenBSD 2.8,
2.9, and 3.0.

DCForum, a Web-based forum system, has a vulnerability that can be
used by a remote attacker to access any account in the forum. The
vulnerability is caused by DCForum using the first six characters of the
user's session ID, which is stored in a cookie, as the password.

The author of DCForum has released a patch for this vulnerability and
it is recommended that all users apply the patch as soon as possible.

Caldera has released an updated patch to fix a set of security
problems in OpenServer's shell here-document processing. The earlier
patch is reported to have problems that result in a "variety of
unusual behaviors." These problems affect OpenServer version 5.0.6a
and earlier.

Caldera recommends that users apply the new patches as soon as
possible and does not suggest a workaround.

IPRoute, a PC-based IP router, is vulnerable to a denial-of-service
attack using tiny fragmented packets. An attack will lock up the machine and require that the system be restarted to regain functionality.

Several vulnerabilities have been discovered in Magic Enterprise
Edition that can be exploited by a local attacker to execute
arbitrary commands with the permissions of the user executing the Web
server. There are also other vulnerabilities that can be used to
overwrite files and corrupt memory.

pfinger, a finger daemon written in C, has a format-string
vulnerability in both the client and the server that can be used
by an attacker to execute arbitrary code with the permissions of the
user nobody.

It is recommended that users upgrade to version 0.7.8 or newer of
pfinger.

Namazu, a full-text search engine, has vulnerabilities that can be
exploited by an attacker to insert scripts and HTML tags into
dynamically-generated pages and has a buffer overflow in an
environmental variable.

Users of Namazu should upgrade to version 2.0.10 or newer as soon as
possible.

tac_plus version F4.0.4.alpha is an example Tacacs+ daemon. It
creates its accounting files with unsafe permissions and is vulnerable
to a symbolic-link race condition if its accounting files are written
into a directory in which the attacker can create symbolic links.

The library Imlib2 has a buffer overflow that can be exploited using
the set group id application Eterm to gain additional privileges.
Under some circumstances, it may be possible for an attacker to leverage
these additional privileges into root access on the machine.

It is recommend that users upgrade to Imlib2 1.0.5 or newer or watch
their vendor for and updated version.

Robbie Saunders' AIM Filter was announced as being a temporary
solution to protecting AIM users from buffer overflow attacks. It has
now been reported that, in fact, AIM Filter also had code for a back
door, cash-based click-throughs, and can launch Web browsers that load
porn sites. This is a good reminder to be sure of the author of your
applications and a good example of how open source code can
(eventually at least) protect users of software from this type of
problem.